Virus qui bloque l'acces aux postes clés ( - Page 7

Précédent
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  1. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonsoir,

    et le rapport de Kaspersky on line ?
    0
  2. ibmm
     
    Bonjour,

    Voici le hijack pour commencer :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:14:42, on 12/11/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Documents and Settings\LAPTOP\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.commentcamarche.net/forum/affich 3448031 virus qui bloque l acces aux postes cles
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  3. ibmm
     
    Je n'ai pas mis l'exhaustivité du log; j'espère que tu comprendras

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, November 13, 2007 12:58:57 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 14/11/2007
    Kaspersky Anti-Virus database records: 457789
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 39288
    Number of viruses found: 6
    Number of infected objects: 10
    Number of suspicious objects: 0
    Duration of the scan process: 01:15:08

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Administrateur.HA-ORMPEE4TVSN1.000\.housecall6.6\Quarantine\awzyalmd.zqy.ren.bac_a02372 Infected: Trojan-Clicker.Win32.Small.js skipped
    C:\Documents and Settings\Administrateur.HA-ORMPEE4TVSN1.000\Local Settings\Application Data\Mozilla\Firefox\Profiles\vkwy8zdp.default\Cache\3CD27B45d01/clean/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
    C:\Documents and Settings\Administrateur.HA-ORMPEE4TVSN1.000\Local Settings\Application Data\Mozilla\Firefox\Profiles\vkwy8zdp.default\Cache\3CD27B45d01 ZIP: infected - 1 skipped
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Outils d'administration\Stratégie de sécurité locale.lnk Object is locked skipped

    (...)

    C:\Documents and Settings\LAPTOP\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LAPTOP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LAPTOP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LAPTOP\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LAPTOP\Local Settings\Historique\History.IE5\MSHist012007111220071113\index.dat Object is locked skipped
    C:\Documents and Settings\LAPTOP\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LAPTOP\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LAPTOP\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LAPTOP\UserData\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\InstallShield Installation Information\{1ABB299D-6C4E-498E-BB6C-BAEAB72600DD}\setup.ilg Object is locked skipped
    C:\Program Files\Mozilla Firefox\aaw2007.exe.part Object is locked skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\Jio45.sys.vir Object is locked skipped
    C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\s_detect.htm.vir Infected: Trojan-Downloader.JS.Agent.ms skipped
    C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/symavc32.sys Infected: Rootkit.Win32.Agent.jc skipped
    C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/hrum363.txt Infected: Trojan.Win32.Agent.ali skipped
    C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/kprof Infected: Trojan-Proxy.Win32.Wopla.ag skipped
    C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/koos.exe Infected: Trojan-Proxy.Win32.Wopla.ag skipped
    C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/poof Infected: Trojan-Proxy.Win32.Wopla.ag skipped
    C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip ZIP: infected - 5 skipped
    C:\System Volume Information\_restore{85766195-B126-43A3-87F8-A2F55CA38C20}\RP2\change.log Object is locked skipped
    C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\dao360.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\expsrv.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\msexch40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\msexcl40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\msjet40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\msjetol1.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\msjetoledb40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\msjint40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\msjter40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\msjtes40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\msltus40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\mspbde40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\msrd2x40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\msrd3x40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\msrepl40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\mstext40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\mswdat10.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\mswstr10.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\msxbde40.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallKB829558$\vbajet32.dll Object is locked skipped
    C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
    C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
    C:\WINDOWS\Debug\oakley.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINDOWS\Internet Logs\LAP.ldb Object is locked skipped
    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\TEMP\ZLT02e8f.TMP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
    0
  4. jalobservateur Messages postés 7372 Date d'inscription   Statut Contributeur sécurité Dernière intervention   930
     
    Lyonnais, tu es un dur de dur et patient !
    Vrai travail de pro ! Etonnant!
    Et balltrap, fidèle à lui-même !
    Vraiment riche d'éducation.
    Bravo Messieurs ! ;-)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ibmm
     
    Bonjour,

    J'ai lancé spybot qui me trouve 603 objets mais lorsque je clique sur réparer il s'affiche un sablier, j'ai laissé tourner (hors connection) pendant 5 heures et lorsque je reviens toujours le même écran avec le sablier. :-(

    "jalobservateur" tu ne serais pas de l'autre camp à tout hasard ? ;-)
    0
  7. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    Lis bien et exécute cette manip dans l’ordre.

    #Télécharge et installe ces logiciels (si tu ne les as pas), pour les 3 premiers mets les à jour, comme indiqué dans les démos ou tutos.

    Ne les utilises pas tout de suite.

    Antispywares et autres :

    * AVG AS

    AVG anti spyware
    https://www.01net.com/telecharger/
    Met le a jour avant de lancer le scan.
    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    Nettoyeurs (de fichiers inutiles) et autres :

    *Ccleaner (gratuit)
    Téléchargement :
    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
    Tuto :
    https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    Lors de l’installation, [décoche] l’option qui t’installerait la barre Yahoo !

    ========================================
    ->Affiches tous les fichiers et dossiers :
    cliques sur démarrer/panneau de configuration (en affichage classique)/option des dossiers/affichage

    [Coche] « afficher les dossiers et fichiers cachés »

    [Décoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

    [Décoche] « masquer les extensions dont le type est connu »

    Puis fais [appliquer] pour valider les changements.

    Et [Ok]
    ========================================
    Désactive puis réactive ta restauration système en suivant ce stuto :

    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924
    ========================================

    ->Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec
    puis tape « entrée ».
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ===========================
    ->Lance CCleaner.

    Suppression des fichiers temporaires

    Va dans la section "Options" situé dans la marge gauche. Décoche "Avancé".
    Retourne ensuite dans la section "Nettoyeur"
    Fais bien attention de cocher toutes ces cases dans la marge gauche (Internet Explorer/Windows Explorer/Système)
    • Clique sur [Analyse]
    • Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.
    • Une fois le scan terminé, clique sur [Lancer le Nettoyage]

    ========================================
    ->Lance AVG pour un scan complet "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau et [copie/colle le rapport en forum]
    ========================================

    ->Relance CCleaner.
    Suppression des incohérences du registre

    • Clique sur l'icône [Erreurs] situés dans la marge à gauche
    • Puis clique sur [Analyser les erreurs]
    • Patiente pendant que CCleaner scan ton registre.
    • Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée.
    • Tu peux cliquer ensuite sur [Corriger les erreurs].

    Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement.
    ========================================
    ->Vide ta Corbeille.
    ========================================

    ->Défragmente tes partitions

    ->Redémarre en mode normal,

    ->Recoche la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

    Poste le rapport de AVG antispy.

    relance Hijackthis et copie/colle un nouveau rapport sur le forum.

    Comment va l'ordi ?
    0
  8. ibmm
     
    Bonjour Le Lyonnais,

    AVG et Antivir semblent ralentir severement le redémarrage à part ça je n'ai pas constaté de difference notable.

    Je vais lancer spybot pour voir s'il décèle toujours les 600 elements.

    Voici les logs :

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 13:39:37 17/11/2007

    + Résultat de l'analyse:

    C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/koos.exe -> Proxy.Wopla.ag : Nettoyé et sauvegardé (mise en quarantaine).
    C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/kprof -> Proxy.Wopla.ag : Nettoyé et sauvegardé (mise en quarantaine).
    C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/poof -> Proxy.Wopla.ag : Nettoyé et sauvegardé (mise en quarantaine).
    C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\Jio45.sys.vir -> Rootkit.Agent.jc : Nettoyé et sauvegardé (mise en quarantaine).
    C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/symavc32.sys -> Rootkit.Agent.jc : Nettoyé et sauvegardé (mise en quarantaine).
    :mozilla.17:C:\Documents and Settings\Administrateur.HA-ORMPEE4TVSN1.000\Application Data\Mozilla\Firefox\Profiles\vkwy8zdp.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.14:C:\Documents and Settings\Administrateur.HA-ORMPEE4TVSN1.000\Application Data\Mozilla\Firefox\Profiles\vkwy8zdp.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
    C:\qoobox\Quarantine\catchme2007-11-11_235204.07.zip/hrum363.txt -> Trojan.Agent.ali : Nettoyé et sauvegardé (mise en quarantaine).

    Fin du rapport
    ==================================================================

    Rapport de défragmentation:

    Volume (C:)
    Taille du volume = 18,63 Go
    Taille de cluster = 4 Ko
    Espace utilisé = 15,13 Go
    Espace libre = 3,50 Go
    Pourcentage d'espace libre = 18 %

    Fragmentation du volume
    Fragmentation totale = 35 %
    Fragmentation de fichiers = 68 %
    Fragmentation de l'espace libre = 3 %

    Fragmentation de fichiers
    Total de fichiers = 38 667
    Taille moyenne de fichier = 502 Ko
    Total de fichiers fragmentés = 124
    Total de fragments en trop = 57 511
    Nombre moyen de fragments par fichier = 2,48

    Fragmentation du fichier paginé
    Taille du fichier paginé = 192 Mo
    Total de fragments = 139

    Fragmentation de dossier
    Total de dossiers = 3 731
    Dossiers fragmentés = 1
    Fragments de dossiers en trop = 0

    Fragmentation de la table de fichiers principale (MFT)
    Taille totale de la MFT = 65 Mo
    Nombre d'enregistrements dans la MFT = 43 508
    Pourcentage d'utilisation de la MFT = 65 %
    Total de fragments dans la MFT = 18

    --------------------------------------------------------------------------------
    Fragments Taille du fichierFichiers qui ne peuvent pas être défragmentés
    219 13 Mo \WINDOWS\PCHealth\HelpCtr\DataColl\CollectedData_2235.xml
    256 22 Mo \Documents and Settings\LAPTOP\Mes documents\TomTom\HOME\Downloads\Download Cache\v2_1_1_106_win.exe
    237 26 Mo \Documents and Settings\Ham\Local Settings\Temp\fla8.tmp
    247 26 Mo \Documents and Settings\Ham\Local Settings\Temporary Internet Files\Content.IE5\OL2RGDUJ\LES_GUIGNOLS_EMISSION_071014_CAN_4942_video_H[1].flv
    440 28 Mo \xscan.txt
    603 37 Mo \WINDOWS\VPTNFILE.819
    422 42 Mo \Documents and Settings\Ham\Local Settings\Temporary Internet Files\Content.IE5\MPKVA5UT\LES_GUIGNOLS_EMISSION_071018_CAN_5270_video_H[1].flv
    427 42 Mo \Documents and Settings\Ham\Local Settings\Temp\fla4.tmp
    456 46 Mo \Documents and Settings\Ham\Local Settings\Temporary Internet Files\Content.IE5\OL2RGDUJ\LES_GUIGNOLS_EMISSION_071016_CAN_5105_video_H[1].flv
    438 46 Mo \Documents and Settings\Ham\Local Settings\Temp\fla6.tmp
    601 49 Mo \Documents and Settings\Ham\Local Settings\Temporary Internet Files\Content.IE5\4PYZCXUF\LES_GUIGNOLS_EMISSION_071017_CAN_5208_video_H[1].flv
    552 49 Mo \Documents and Settings\Ham\Local Settings\Temp\fla2.tmp
    464 53 Mo \Documents and Settings\Ham\Bureau\Audio\Berlioz\Classique - VIVALDI - Les quatre saisons2.mp3
    1,041 77 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\ Institute 9 Special\Scene 2 Zafira, Cindy.avi
    621 96 Mo \Documents and Settings\Ham\Bureau\Audio\mo\mo\INTEGRALE - VOL. IX - (1937).ZIP
    537 96 Mo \Documents and Settings\Ham\Bureau\Audio\mo\MoINTEGRALE - VOL. IX - (1937).ZIP
    190 120 Mo \Documents and Settings\LAPTOP\Bureau\BE_NL_and_LU_plus_major_roads_of_WE 1409\BE_NL_and_LU_plus_major_roads_of_WE 1409\cline.dat
    1,173 139 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Cock.Drainers\Cock.Drainers.LauraLion.wmv
    802 148 Mo \Documents and Settings\Ham\Bureau\PAPELARDS\docs\logos\AICS_Tryout_EN.zip
    2,400 149 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Institute 9 Special \ Magic.WMV
    2,542 167 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Institute 9 Special Camping\Panther.avi
    2,715 193 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Institute 9 Special Camping\ Diamond.avi
    2,773 194 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Institute 9 Special Camping\auren.avi
    2,209 207 Mo \Documents and Settings\LAPTOP\Bureau\BE_NL_and_LU_plus_major_roads_of_WE 1409.zip
    2,690 208 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Drainers\Drainers.Zuz.wmv
    4,628 277 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Institute 9 \Ice.avi
    4,261 288 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\MaDor.avi
    2,922 496 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Se\Se.wmv
    4,029 630 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\L'obsession de Laure\Lobs.avi
    13,181 678 Mo \Documents and Settings\LAPTOP\Mes documents\Downloads\Jal.avi
    ==================================================================

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:10:44, on 17/11/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\LAPTOP\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.commentcamarche.net/forum/affich 3448031 virus qui bloque l acces aux postes cles
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    0
  9. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    vide la quarantaine de avast.

    Tu sembles ne pas avoir de parefeu contrôlant les connexions sortantes, ce qui est un risque de sécurité.

    Si c'est le cas tu as le choix entre ces deux possibilités :

    Zone Alarm Tuto et lien de téléchargement ici :
    https://www.malekal.com/tutoriel-zonealarm-firewall/

    Kerio Tuto et lien de téléchargement ici :
    http://www.malekal.com/kerio_firewall.php

    Il y en a d'autres que tu peux trouver en ouvrant ce lien :
    http://www.malekal.com/menu_tutorials_logiciels.php

    Il faut que tu désactives le parefeu de Windows (panneau de configuration, parefeu de Windows) après le téléchargement et avant l'installation (déconnecte toi du Net à ce moment là).

    Ensuite, si l'ordi est stable, il faut installer le SP2.

    Et remets un rapport Hijackthis.
    0
  10. ibmm
     
    [b]Bonjour,

    Une fois mon pare-feu téléchargé installé, devrais-je réactiver mon firewall windows ou pas ?

    Je tente l'install d'sp2 dans l'heure et te fais un rapport.

    Je suis parvenu à virer les elements spybot le log est en ci-dessous.

    J'ai relancé AVG scan (il tourne actuellement ) et j'ai déja 3 tracking cookies trouvés (risque moyen) est-ce normal après ce qu'on vient de faire ?

    Dernière question avant le scan, je souhaiterais désactiver les ActiveX la connection sera t-elle viable si je le fais ? comment proceder ?

    Merci encore! [/b]

    --- Search result list ---
    CoolWWWSearch.HomeSearch: [SBI $A8649E31] Root class (Clé du registre, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NVideoCodec.Chl

    CoolWWWSearch.HomeSearch: [SBI $A8649E31] Class ID (Clé du registre, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BF52A52-394A-11D3-B153-00C04F79FAA6}

    CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
    C:\WINDOWS\adiras.ini:lrbmza:$DATA

    CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
    C:\WINDOWS\bevuf.dat:uygzll:$DATA

    CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
    C:\WINDOWS\bkzro.dat:trupjd:$DATA

    CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
    C:\WINDOWS\desktop(5)(3).ini:ijugca:$DATA

    CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
    C:\WINDOWS\desktop(5)(4).ini:ijugca:$DATA

    CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
    C:\WINDOWS\desktop(5).ini:ijugca:$DATA

    CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
    C:\WINDOWS\ieuninst.exe:igfotu:$DATA

    CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
    C:\WINDOWS\logs2.ini:yqcypm:$DATA

    CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
    C:\WINDOWS\mshs.dll:ekajjh:$DATA

    CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
    C:\WINDOWS\nzytn.dat:bjeykq:$DATA

    CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
    C:\WINDOWS\quzyn.txt:lwmqxd:$DATA

    CoolWWWSearch.HomeSearch: [SBI $9370EF52] Exécutable (Fichier, fixed)
    C:\WINDOWS\stub87.ini:xpqpvw:$DATA

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\acddp.log

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\aqvzn.dat

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\bjqmp.log

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\cycvv.dat

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\edhqp.log

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\epfci.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\ezjav.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\fcjej.dat

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\fnphy.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\gwzvt.log

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\ibzrp.dat

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\ilbxo.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\irxsi.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\iultz.log

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\iyujp.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\izkbu.dat

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\juvvx.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\jveky.dat

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\kbrwu.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\kgtzd.log

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\kospz.dat

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\lxpgu.log

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\mfoxc.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\miruy.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\mnkja.log

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\mxhyd.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\olsci.log

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\pacan.dat

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\qhmzv.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\qpclc.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\rvkcm.dat

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\serov.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\suqct.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\tckos.log

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\uslky.log

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\xejld.dat

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\xpqpv.log

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\xscof.log

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\xxmfo.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\ybwgf.txt

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\yjmis.log

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\yopok.dat

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\yxrmo.log

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\yyvfu.dat

    CoolWWWSearch: [SBI $EE5CAFC4] Donnée (Fichier, fixed)
    C:\WINDOWS\system32\zzijm.dat

    Smitfraud-C.: [SBI $1167C539] Réglages (Valeur du registre, fixing failed)
    HKEY_USERS\.DEFAULT\WindowsSubVersion

    Smitfraud-C.: [SBI $1167C539] Réglages (Valeur du registre, fixed)
    HKEY_USERS\S-1-5-18\WindowsSubVersion

    MyWay.MyWebSearch: [SBI $DE2C892F] Installeur (Fichier, fixed)
    C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf

    Dialui-A: [SBI $76B7883B] Réglages désinstallation (Clé du registre, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iexpedition

    Win32.Murlo.ff.rtk: [SBI $67E0FCFD] Réglages (Valeur du registre, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UID

    --- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

    2007-08-31 blindman.exe (1.0.0.6)
    2007-08-31 SDMain.exe (1.0.0.4)
    2007-08-31 SDUpdate.exe (1.0.6.4)
    2007-08-31 SDWinSec.exe (1.0.0.8)
    2007-08-31 SpybotSD.exe (1.5.1.15)
    2007-08-31 TeaTimer.exe (1.5.0.9)
    2007-11-17 unins000.exe (51.46.0.0)
    2007-08-31 Update.exe (1.4.0.5)
    2007-08-31 advcheck.dll (1.5.3.0)
    2007-04-02 aports.dll (2.1.0.0)
    2007-04-02 DelZip179.dll (1.79.5.3)
    2007-08-31 SDHelper.dll (1.5.0.8)
    2007-08-31 Tools.dll (2.1.2.0)
    2007-11-14 Includes\Cookies.sbi (*)
    2007-10-31 Includes\Dialer.sbi (*)
    2007-11-14 Includes\DialerC.sbi (*)
    2007-11-07 Includes\Hijackers.sbi (*)
    2007-11-14 Includes\HijackersC.sbi (*)
    2007-10-04 Includes\Keyloggers.sbi (*)
    2007-11-14 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2007-11-07 Includes\Malware.sbi (*)
    2007-11-14 Includes\MalwareC.sbi (*)
    2007-10-24 Includes\PUPS.sbi (*)
    2007-11-14 Includes\PUPSC.sbi (*)
    2007-11-14 Includes\Revision.sbi (*)
    2007-05-30 Includes\Security.sbi (*)
    2007-11-14 Includes\SecurityC.sbi (*)
    2007-11-07 Includes\Spybots.sbi (*)
    2007-11-14 Includes\SpybotsC.sbi (*)
    2007-11-06 Includes\Tracks.uti
    2007-11-14 Includes\Trojans.sbi (*)
    2007-11-14 Includes\TrojansC.sbi (*)
    2008-12-24 Plugins\TCPIPAddress.dll

    --- System information ---
    Windows XP (Build: 2600) Service Pack 1 (5.1.2600)
    / DataAccess: Security Update for Microsoft Data Access Components
    / DirectX: DirectX Update 819696
    / Windows Media Player: Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
    / Windows Media Player / SP0: Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
    / Windows XP / SP2: Windows XP Hotfix (SP2) [See KB810243 for more information]
    / Windows XP / SP2: Pack réseau avancé pour Windows XP
    / Windows XP / SP2: Correctif Windows XP - KB820291
    / Windows XP / SP2: Correctif Windows XP - KB821253
    / Windows XP / SP2: Correctif Windows XP - KB822603
    / Windows XP / SP2: Correctif Windows XP - KB823182
    / Windows XP / SP2: Correctif Windows XP - KB824105
    / Windows XP / SP2: Correctif Windows XP - KB824141
    / Windows XP / SP2: Correctif Windows XP - KB824146
    / Windows XP / SP2: Correctif Windows XP - KB825119
    / Windows XP / SP2: Correctif Windows XP - KB826939
    / Windows XP / SP2: Correctif Windows XP - KB826942
    / Windows XP / SP2: Correctif Windows XP - KB828028
    / Windows XP / SP2: Correctif Windows XP - KB828035
    / Windows XP / SP2: Correctif Windows XP - KB829558
    / Windows XP / SP2: Correctif Windows XP - KB842773
    / Windows XP / SP2: Correctif Windows XP (SP2) Q322011
    / Windows XP / SP2: Correctif Windows XP (SP2) Q327979
    / Windows XP / SP2: Correctif Windows XP (SP2) Q814995
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Mise à jour pour Windows XP (KB898461)
    / Windows XP / SP3: Mise à jour pour Windows XP (KB927891)

    --- Startup entries list ---
    Located: HK_LM:Run, !AVG Anti-Spyware
    command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    size: 6731312
    MD5: CC6BC45DD5A58158645E7FB2953604FE

    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    size: 40048
    MD5: 66D4456C920E21BD2188F8CC33680DF5

    Located: HK_LM:Run, avgnt
    command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    size: 249896
    MD5: 6E898F5959E7195D64594C30E9251938

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    file: C:\Program Files\QuickTime\QTTask.exe
    size: 286720
    MD5: 49CCFBE5D5225B9D3CC78C09DEE147D0

    Located: HK_LM:RunOnce, SpybotSnD
    command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4943184
    MD5: C92780F50B8BB7A89E919585916494A9

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-1844237615-839522115-854245398-1007...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 1460560
    MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E

    Located: HK_CU:RunOnce, SpybotDeletingB8958
    where: S-1-5-21-1844237615-839522115-854245398-1007...
    command: command /c del "C:\WINDOWS\xtjwc.dat:bhmxdg:$DATA"
    file:
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: HK_CU:RunOnce, SpybotDeletingD8530
    where: S-1-5-21-1844237615-839522115-854245398-1007...
    command: cmd /c del "C:\WINDOWS\xtjwc.dat:bhmxdg:$DATA"
    file: C:\WINDOWS\system32\cmd.exe
    size: 388096
    MD5: 7C2769027921F5F798F5F482A80D2C06

    Located: WinLogon, crypt32chain
    command: crypt32.dll
    file: crypt32.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, cscdll
    command: cscdll.dll
    file: cscdll.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, Schedule
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, termsrv
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    Located: WinLogon, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll
    size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
    Warning: if the file is actually larger than 0 bytes,
    the checksum could not be properly calculated!

    --- Browser helper object list ---

    --- ActiveX list ---
    DirectAnimation Java Classes (DirectAnimation Java Classes)
    DPF name: DirectAnimation Java Classes
    CLSID name:
    Installer:
    Codebase:
    description:
    classification: Legitimate
    known filename: %WINDIR%\Java\classes\dajava.cab
    info link:
    info source: Patrick M. Kolla

    Microsoft XML Parser for Java (Microsoft XML Parser for Java)
    DPF name: Microsoft XML Parser for Java
    CLSID name:
    Installer:
    Codebase:
    description:
    classification: Legitimate
    known filename: %WINDIR%\Java\classes\xmldso.cab
    info link:
    info source: Patrick M. Kolla

    {41564D57-9980-0010-8000-00AA00389B71} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\wmvadvd.inf
    Codebase: http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    description:
    classification: Legitimate
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
    Codebase: http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38057.2693518519
    description: Windows Update
    classification: Legitimate
    known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
    info link:
    info source: Patrick M. Kolla

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
    Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\System32\Macromed\Flash\
    Long name: Flash9d.ocx
    Short name:
    Date (created): 11/06/2007 21:04:30
    Date (last access): 17/11/2007 17:01:52
    Date (last write): 11/06/2007 21:04:30
    Filesize: 2267368
    Attributes: archive
    MD5: B01E2A41389FBA42B7B5A026EA88C9B7
    CRC32: 8980B6EC
    Version: 9.0.47.0

    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 144 ( 0) \SystemRoot\System32\smss.exe
    size: 45568
    PID: 192 ( 0) \??\C:\WINDOWS\system32\csrss.exe
    size: 4096
    PID: 216 ( 0) \??\C:\WINDOWS\system32\winlogon.exe
    size: 520704
    PID: 260 ( 0) C:\WINDOWS\system32\services.exe
    size: 101888
    MD5: FC0691097471EE374907E1024EDCBD43
    PID: 272 ( 0) C:\WINDOWS\system32\lsass.exe
    size: 11776
    MD5: B7B1C150AFF59455DB4DF082815F88F5
    PID: 436 ( 0) C:\WINDOWS\system32\svchost.exe
    size: 12800
    MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    PID: 468 ( 0) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    size: 312880
    MD5: 5DCD235C061022BCDA9AA48670B64211
    PID: 500 ( 0) C:\WINDOWS\system32\svchost.exe
    size: 12800
    MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    PID: 712 ( 0) C:\WINDOWS\Explorer.EXE
    size: 1000448
    MD5: F5909963533D861D169B737A1A8E1EF8
    PID: 896 ( 0) C:\WINDOWS\System32\taskmgr.exe
    size: 136192
    MD5: 43D0E19C07536416037FDFBC372D2ECB
    PID: 1020 ( 0) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 4943184
    MD5: C92780F50B8BB7A89E919585916494A9
    PID: 1528 ( 0) C:\WINDOWS\regedit.exe
    size: 140800
    MD5: 6D58D6C99C797428AD28D9D67AAAAD9D

    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 17/11/2007 17:04:41

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\SYSTEM32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.commentcamarche.net/forum/affich 3448031 virus qui bloque l acces aux postes cles
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
    http://home.microsoft.com/access/autosearch.asp?p=%s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\windows\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm

    --- Winsock Layered Service Provider list ---

    --- Uninstall list ---
    (AddressBook)

    Adobe Flash Player ActiveX 9.0.47.0 (Adobe Flash Player ActiveX)
    uninstall cmd: C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    publisher: Adobe Systems Incorporated
    help link: https://helpx.adobe.com/flash-player.html

    Adobe SVG Viewer 3.0 3.0 (Adobe SVG Viewer)
    version (major): 3
    install location: C:\WINDOWS\System32\Adobe\SVG Viewer 3.0
    uninstall cmd: C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    publisher: Adobe Systems, Inc.

    Avira AntiVir PersonalEdition Classic (AntiVir PersonalEdition Classic)
    uninstall cmd: C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    publisher: Avira GmbH
    help link: http://www.avira.com/classic-support

    AVG Anti-Spyware 7.5 (AVGAntiSpyware75)
    install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
    uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    publisher: Grisoft Ltd.
    help link: https://www.avg.com/fr-fr/homepage

    (Branding)

    CCleaner (remove only) (CCleaner)
    uninstall cmd: "C:\Documents and Settings\LAPTOP\Bureau\CCleaner\uninst.exe"

    (Connection Manager)

    (DirectAnimation)

    (DirectDrawEx)

    (DXM_Runtime)

    (expinst)

    (Fontcore)

    HijackThis 2.0.2 2.0.2 (HijackThis)
    uninstall cmd: "C:\Documents and Settings\LAPTOP\Bureau\HijackThis.exe" /uninstall
    publisher: TrendMicro

    (ICW)

    (IE40)

    (IE4Data)

    (IE5BAKEX)

    (IEData)

    Internet Explorer Q832894 (ieupdate)
    uninstall cmd: C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q832894.inf

    (InstallShield Uninstall Information)

    Kaspersky Online Scanner 5.0 (Kaspersky Online Scanner)
    install location: C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner
    uninstall cmd: C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    publisher: Kaspersky Lab
    contact: Customer Support Department
    help link: https://my.kaspersky.com/en/kpc/newrequest?LANG=en

    Windows XP Hotfix (SP2) [See KB810243 for more information] (KB810243)
    publisher: Microsoft Corporation

    Correctif Windows XP - KB824146 20030825.150634 (KB824146)
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/824146/

    (KB884016)

    Windows Genuine Advantage Validation Tool (KB892130) (KB892130)
    install date: 20071102
    publisher: Microsoft Corporation
    help link: https://www.microsoft.com/en-us/howtotell/default.aspx

    (KB893803)

    (Microsoft NetShow Player 2.0)

    (MobileOptionPack)

    (MPlayer2)

    (MSI30-Beta1)

    (MSI30-Beta2)

    (MSI30-KB884016)

    (MSI30-RC1)

    (MSI30-RC2)

    (MSI30a-KB884016)

    (MSI31-Beta)

    (MSI31-RC1)

    (MsJavaVM)

    (MSMSGS)

    Barre d'outils MSN (MSN Toolbar)
    uninstall cmd: C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\mtbs.exe c

    (NetMeeting)

    Outlook Express Q820223 (oeupdate)
    uninstall cmd: C:\WINDOWS\Q820223.exe C:\WINDOWS\INF\Q820223.inf

    (OutlookExpress)

    (PCHealth)
    uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    IBM ThinkPad Power Management Driver 1.25.01 (Power Management Driver)
    uninstall cmd: RunDll32.exe tpinspm.dll,Uninstall

    Intel(R) PRO Network Adapters and Drivers (PROSet)
    uninstall cmd: Prounstl.exe

    Correctif Windows XP (SP2) Q322011 20021111.164308 (Q322011)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ322011$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: Pour plus d'informations, consultez Q322011 à l'adresse https://support.microsoft.com/en-us

    Correctif Windows XP (SP2) Q327979 20021114.125930 (Q327979)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ327979$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: Pour plus d'informations, consultez Q327979 à l'adresse https://support.microsoft.com/en-us

    Correctif Windows XP (SP2) Q814995 20030219.141715 (Q814995)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ814995$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/814995

    Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations] (Q828026)
    uninstall cmd: C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us/help/828026

    (RealJukebox 1.0)
    uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

    RealPlayer (RealPlayer 6.0)
    uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

    SAMSUNG CDMA Modem Driver Set (SAMSUNG CDMA Modem)
    uninstall cmd: C:\WINDOWS\System32\Samsung_USB_Drivers\3\SSCDUninstall.exe

    SAMSUNG Mobile Composite Device Software (SAMSUNG Mobile Composite Device)
    uninstall cmd: C:\WINDOWS\System32\Samsung_USB_Drivers\6\SSBCUninstall.exe

    Samsung Mobile phone USB driver Software (Samsung Mobile phone USB driver)
    uninstall cmd: C:\WINDOWS\System32\Samsung_USB_Drivers\5\SSSDUninstall.exe

    SAMSUNG Mobile USB Modem Software (SAMSUNG Mobile USB Modem)
    uninstall cmd: C:\WINDOWS\System32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

    SAMSUNG Mobile USB Modem 1.0 Software (SAMSUNG Mobile USB Modem 1.0)
    uninstall cmd: C:\WINDOWS\System32\Samsung_USB_Drivers\1\SS_Uninstall.exe

    (SchedulingAgent)

    (Sevinst)

    VideoLAN VLC media player 0.8.1 0.8.1 (VLC media player)
    uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
    publisher: VideoLAN Team

    Windows Genuine Advantage Validation Tool (KB892130) 1.7.0036.0 (WGA)
    publisher: Microsoft Corporation
    help link: https://www.microsoft.com/en-us/howtotell/default.aspx

    Windows Media Format Runtime (Windows Media Format Runtime)
    uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

    Lecteur Windows Media 10 (Windows Media Player)
    uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

    Yahoo! Toolbar avec bloqueur de fenêtres pop-up (Yahoo! Companion)
    uninstall cmd: C:\PROGRA~1\Yahoo!\Common\unyt.exe

    Yahoo! Toolbar (Yahoo! Toolbar)

    (ZZ-ZZ-D24VaAhvUyhcOVIjRkZOW0ZPRkNGQFtETzUzRU5FRltGC0ALRwtHCzUyJCM4MTEyJSQiOVo0WzlPNkReNTtIIA==)

    kit de connexion NC NUMERICABLE 1.0 ({1ABB299D-6C4E-498E-BB6C-BAEAB72600DD})
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ABB299D-6C4E-498E-BB6C-BAEAB72600DD}\setup.exe" -l0x40c ControlPanel

    InterVideo WinDVD 5 5.1-B5.26 ({1B399A41-C1D0-40A2-9E4F-095868EFAF01})
    version (major): 5
    version (minor): 1
    install location: C:\Program Files\InterVideo\DVD5
    uninstall cmd: "C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
    publisher: InterVideo Inc.
    contact: support@intervideo.com
    help link: https://www.windvdpro.com/fr/

    Google Toolbar for Internet Explorer ({2318C2B1-4965-11d4-9B18-009027A5CD4F})
    uninstall cmd: regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

    3.0.20070525 ({2CCBABCB-6427-4A55-B091-49864623C43F})
    version: 20070525
    version (major): 3

    J2SE Runtime Environment 5.0 Update 6 1.5.0.60 ({3248F0A8-6813-11D6-A77B-00B0D0150060})
    version: 17104896
    version (major): 1
    version (minor): 5
    estimated size: 122273
    install date: 20060416
    install source: http://jdl.sun.com/webapps/download/GetFile/1.5.0_06plus-b05/windows-i586//
    uninstall cmd: MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    publisher: Sun Microsystems, Inc.
    contact: https://www.java.com/en/
    help link: https://www.java.com/en/
    readme: C:\Program Files\Java\jre1.5.0_06\README.txt

    WebFldrs XP 9.50.6513 ({350C940c-3D7C-4EE8-BAA9-00BCB3D54227})
    version: 154278257
    version (major): 9
    version (minor): 50
    estimated size: 2652
    install date: 20040309
    install source: C:\WINDOWS\System32\
    publisher: Microsoft Corporation
    help link: https://www.microsoft.com/en-us/windows/

    TomTom HOME 2.1.1106 ({3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95})
    version: 33621074
    install date: 20071027
    install location: C:\Program Files\TomTom HOME 2
    install source: C:\DOCUME~1\LAPTOP\MESDOC~1\TomTom\HOME\DOWNLO~1\DOWNLO~1\V2_1_1~1.EXE
    uninstall cmd: C:\Program Files\InstallShield Installation Information\{3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95}\setup.exe -runfromtemp -l0x040c -removeonly -removeonly -removeonly
    publisher: TomTom
    help link: https://help.tomtom.com/hc/fr

    Visionneuse Journal Windows Microsoft 1.5.2315.3 ({43DCF766-6838-4F9A-8C91-D92DA586DFA7})
    version: 17107211
    version (major): 1
    version (minor): 5
    estimated size: 3715
    install date: 20040311
    install source: C:\DOCUME~1\Hammed\LOCALS~1\Temp\IXP000.TMP\
    uninstall cmd: MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
    publisher: Microsoft
    comments: Visionneuse de documents créés avec l'application Journal Windows.
    contact: Microsoft

    Windows Live Sign-in Assistant 4.100.313.1 ({49672EC2-171B-47B4-8CE7-50D7806360D7})
    version: 73662777
    version (major): 4
    version (minor): 100
    estimated size: 1220
    install date: 20070927
    install source: C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\IXP000.TMP\
    uninstall cmd: MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    publisher: Microsoft Corporation

    SAGEM F@st 800-840 ({4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F})

    Windows Genuine Advantage v1.3.0254.0 1.3.0254.0 ({63569CE9-FA00-469C-AF5C-E5D4D93ACF91})
    version: 16974078
    version (major): 1
    version (minor): 3
    estimated size: 519
    install date: 20051118
    install source: C:\DOCUME~1\Hammed\LOCALS~1\Temp\IXP000.TMP\
    uninstall cmd: MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
    publisher: Microsoft
    comments: Your Comments
    contact: Customer Support Department
    help link: http://www.microsoft.com/genuine/downloads/whyValidate.aspx/help
    help telephone: 1-425.882.8080

    ({666ADC9C-9C34-4B56-8B22-0419F257FB80})

    Apple Software Update 2.0.0.21 ({74EC78BC-B379-4E29-9006-8F161DCAABA6})
    version: 33554432
    version (major): 2
    estimated size: 2204
    install date: 20071028
    install location: C:\Program Files\Apple Software Update\
    install source: C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\IXP242.TMP\
    uninstall cmd: MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
    publisher: Apple Inc.
    contact: Assistance AppleCare
    help link: https://support.apple.com/fr-fr
    help telephone: 0825 888 024

    Microsoft Office XP Professional 10.0.2627.5 ({9211040C-6000-11D3-8CFE-0050048383C9})
    version: 167774787
    version (major): 10
    estimated size: 158055
    install date: 20040311
    install location: INSTALLLOCATION
    install source: D:\OfficeXP\
    uninstall cmd: MsiExec.exe /I{9211040C-6000-11D3-8CFE-0050048383C9}
    publisher: Microsoft Corporation
    help link: https://support.microsoft.com/en-us
    readme: C:\Program Files\Microsoft Office\Office10\1036\OFREAD10.HTM

    QuickTime 7.2.0.240 ({95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC})
    version: 117571584
    version (major): 7
    version (minor): 2
    estimated size: 75787
    install date: 20071028
    install location: C:\Program Files\QuickTime\
    install source: C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\IXP242.TMP\
    uninstall cmd: MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
    publisher: Apple Inc.
    contact: Assistance AppleCare
    help link: https://support.apple.com/fr-fr
    help telephone: (33) 0825 888 024

    Adobe Reader 8.1.0 - Français 8.1.0 ({AC76BA86-7AD7-1036-7B44-A81000000003})
    version: 134283264
    version (major): 8
    version (minor): 1
    estimated size: 149605
    install date: 20071021
    install location: C:\Program Files\Adobe\Reader 8.0\Reader\
    install source: C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\Adobe Reader 8\
    uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
    publisher: Adobe Systems Incorporated
    comments:
    contact: Support clientèle
    help link: https://helpx.adobe.com/support.html
    readme: C:\Program Files\Adobe\Reader 8.0\Reader\Lisezmoi.htm

    Kit de connexion ADSL 3.30.000 ({B0C5783F-AB91-460B-8238-BD9A8F6346D3})
    version: 52297728
    install location: C:\Program Files\Kit ADSL
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B0C5783F-AB91-460B-8238-BD9A8F6346D3}\setup.exe" -l0x40c -eth

    TomTom HOME 2.1.1106 ({B3FAE1D6-EA8B-4470-83B7-7A95D37BCA2B})
    version: 33621074
    version (major): 2
    version (minor): 1
    estimated size: 1641
    install date: 20071027
    install location: C:\Program Files\TomTom HOME 2\
    install source: C:\Program Files\TomTom HOME 2\{B3FAE1D6-EA8B-4470-83B7-7A95D37BCA2B}\
    publisher: TomTom
    comments: Main branch development
    contact: Customer Support Department
    help link: https://help.tomtom.com/hc/en-gb

    Spybot - Search & Destroy 1.5.1.15 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
    install date: 20071117
    install location: C:\Program Files\Spybot - Search & Destroy\
    uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    publisher: Safer Networking Limited
    help link: https://www.safer-networking.org/?page=support

    Micro Application - 36 Dictionnaires et Recueils de Correspondance 1.0.0.0 ({B410328C-0E8C-4DD2-9DB4-DE7766D0DFE0})
    version: 16777216
    install location: C:\Program Files
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B410328C-0E8C-4DD2-9DB4-DE7766D0DFE0}\SETUP.EXE" -l0x40c -uninst

    Samsung PC Studio 3.1.1.70208 ({C4A4722E-79F9-417C-BD72-8D359A090C97})
    version: 50331648
    install date: 20070821
    install location: C:\Program Files\Samsung\Samsung PC Studio 3\
    install source: C:\DOCUME~1\Hammed\LOCALS~1\Temp\bye4A.tmp\Disk1\
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
    publisher: Samsung Electronics Co., Ltd.
    comments: Samsung PC Studio 3 Maintenance
    contact: Samsung Electronics Co., Ltd.
    help link: http://www.samsungmobile.co.kr
    help telephone: +82 2051 4151

    Alice ADSL - Installation principale 2.00.000 ({CE5D7CE8-27E7-4452-AF33-F38F074BBD08})
    version: 33554432
    install location: C:\Program Files\Alice_Triway_WiFi
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE5D7CE8-27E7-4452-AF33-F38F074BBD08}\setup.exe" -l0x40c -eth -pri

    ({D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5})

    Google Toolbar for Internet Explorer 4.0.0.002 ({DBEA1034-5882-4A88-8033-81C4EF0CFA29})
    version: 67108864
    version (major): 4
    estimated size: 1096
    install date: 20070923
    install source: C:\Program Files\Google\Installers\
    uninstall cmd: MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    publisher: Google Inc.

    Samsung PC Studio 3 USB Driver Installer 1.00.0000 ({EBA29752-DDD2-4B62-B2E3-9841F92A3E3A})
    version: 16777216
    install date: 20070821
    install location: C:\Program Files\Samsung\Samsung PC Studio 3
    install source: C:\DOCUME~1\Hammed\LOCALS~1\Temp\bye7C.tmp\Disk1\
    uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
    publisher: Samsung Electronics Co., Ltd.
    comments: Samsung PC Studio 3 Maintenance
    contact: Samsung Electronics Co., Ltd.
    help link: http://www.samsungmobile.co.kr
    help telephone: +82 2051 4151

    Windows Live Messenger 8.1.0178.00 ({F6326B60-1B1D-4ABF-BFCD-7B7404F44411})
    version: 134283442
    version (major): 8
    version (minor): 1
    estimated size: 31939
    install date: 20070927
    install source: C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\IXP000.TMP\
    uninstall cmd: MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    publisher: Microsoft Corporation

    Samsung PC Studio 3.0.0.70208 ({FCA211BA-1A9F-4128-8DAE-96192C68816D})
    version: 50331648
    version (major): 3
    estimated size: 1270
    install date: 20070821
    install location: C:\Program Files\Samsung\Samsung PC Studio 3\
    install source: C:\Program Files\Samsung\Samsung PC Studio 3\{FCA211BA-1A9F-4128-8DAE-96192C68816D}\
    publisher: Samsung Electronics Co., Ltd.
    contact: Customer Support Department
    help link: http://www.samsungmobile.co.kr
    help telephone: 1-555-555-4505

    --- System Services ---
    Service (registry key): .NET CLR Data
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NET CLR Networking
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NETFramework
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): 6to4
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Service d'application d'assistance IPv6
    Description: Fournit l'enregistrement de nom DDNS et la connectivité IPv6 automatique via un réseau IPv4. Si ce service est arrêté, d'autres ordinateurs pourraient ne pas être en mesure de le contacter par son nom et l'ordinateur disposera uniquement de la connectivité IPv6 s'il est connecté à un réseau IPv6 natif. Si ce service est désactivé, tous les services qui en dépendent explicitement ne pourront pas démarrer.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSS,tcpip6,winmgmt

    Service (registry key): Abiosdsk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 0

    Service (registry key): abp480n5
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ac97intc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Service d'installation du pilote audio Intel(r) 82801 (WDM)
    Image path: system32\drivers\ac97intc.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): ACPI
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote ACPI Microsoft
    Image path: System32\DRIVERS\ACPI.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): ACPIEC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote de contrôleur intégré Microsoft
    Image path: System32\DRIVERS\ACPIEC.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): ADILOADER
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: General Purpose USB Driver (adildr.sys)
    Control Set: CurrentControlSet
    Start: 2
    Type: 1
    Error Control: 1

    Service (registry key): adiusbaw
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: USB ADSL WAN Adapter
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): adpu160m
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): aec
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Suppresseur d'écho acoustique (Noyau Microsoft)
    Image path: system32\drivers\aec.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): AFD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Environnement de prise en charge de réseau AFD
    Image path: \SystemRoot\System32\drivers\afd.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 2
    Type: 1
    Error Control: 1

    Service (registry key): agp440
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Filtre de bus AGP Intel
    Image path: System32\DRIVERS\agp440.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): Aha154x
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): aic78u2
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): aic78xx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Alerter
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Avertissement
    Description: Informe les utilisateurs et les ordinateurs sélectionnés des alertes administratives. Si ce service est arrêté, les programmes qui utilisent les alertes administratives ne les recevront pas. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 12800
    Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation

    Service (registry key): ALG
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Service de la passerelle de la couche Application
    Description: Fournit la prise en charge des plugins de protocoles tiers pour le partage de connexion Internet et le pare-feu Internet.
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\alg.exe
    Image size: 41984
    Image MD5: 292FBA8E83DB606519D45DD1FCBBD3B8
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): AliIde
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): amsint
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): AntiVirScheduler
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AntiVir PersonalEdition Classic Scheduler
    Description: Service to schedule AntiVir jobs and updates.
    Object name: LocalSystem
    Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
    Image size: 63016
    Image MD5: A6FA9C14E649B2F3DE15390A1840774D
    Control Set: CurrentControlSet
    Start: 2
    Type: 272
    Error Control: 1

    Service (registry key): AntiVirService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AntiVir PersonalEdition Classic Guard
    Description: Offers permanent protection against viruses and malware with the AntiVir search engine.
    Object name: LocalSystem
    Image path: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
    Image size: 214056
    Image MD5: F640EA98231D7B1DB730385813BFCE79
    Control Set: CurrentControlSet
    Start: 2
    Type: 272
    Error Control: 1

    Service (registry key): AppMgmt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Gestion d'applications
    Description: Fournit des services d'installation de logiciels tels que Attribuer, Publier et Supprimer.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1

    Service (registry key): asc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): asc3350p
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): asc3550
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Aspi32
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): aswTdi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): AsyncMac
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote de média asynchrone RAS
    Description: Pilote de média asynchrone RAS
    Image path: System32\DRIVERS\asyncmac.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): atapi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Contrôleur de disque dur IDE/ESDI standard
    Image path: System32\DRIVERS\atapi.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): Atdisk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 0

    Service (registry key): Atmarpc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Protocole client ATM ARP
    Description: Protocole client ATM ARP
    Image path: System32\DRIVERS\atmarpc.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): AudioSrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Audio Windows
    Description: Gère les périphériques audio pour les programmes basés sur Windows. Si ce service est arrêté, les périphériques et les effets audio ne fonctionneront pas correctement. Si ce service est désactivé, les services en dépendant explicitement ne démarreront pas.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: PlugPlay,RpcSs

    Service (registry key): audstub
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote audio Stub
    Image path: System32\DRIVERS\audstub.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): AVG Anti-Spyware Driver
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AVG Anti-Spyware Driver
    Image path: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): AVG Anti-Spyware Guard
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AVG Anti-Spyware Guard
    Object name: LocalSystem
    Image path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    Image size: 312880
    Image MD5: 5DCD235C061022BCDA9AA48670B64211
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): AvgAsCln
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AVG Anti-Spyware Clean Driver
    Image path: System32\DRIVERS\AvgAsCln.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): avgntdd
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: avgntdd
    Image path: SYSTEM32\DRIVERS\avgntdd.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1
    Depends On services: avgntmgr

    Service (registry key): avgntmgr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: avgntmgr
    Image path: SYSTEM32\DRIVERS\avgntmgr.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 0
    Type: 2
    Error Control: 1

    Service (registry key): avipbb
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: avipbb
    Description: Avira's Driver for RootKit Detection
    Image path: System32\DRIVERS\avipbb.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): AWZYALMD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 2
    Type: 1
    Error Control: 0

    Service (registry key): BattC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): Beep
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): BITS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Service de transfert intelligent en arrière-plan
    Description: Utilise la bande passante réseau inactive pour transférer des données.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: Rpcss

    Service (registry key): Browser
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Explorateur d'ordinateur
    Description: Tient à jour une liste des ordinateurs présents sur le réseau et fournit cette liste aux ordinateurs désignés comme navigateurs. Si ce service est arrêté, la liste ne sera pas mise ou tenue à jour. Si ce service est désactivé, les services qui en dépendent ne pourront pas démarrer.
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 12800
    Image MD5: 333A4DB8410D8E24DB06D6AEBECDC7C2
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation,LanmanServer

    Service (registry key): catchme
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \??\C:\DOCUME~1\LAPTOP\LOCALS~1\Temp\catchme.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): cbidf2k
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): cd20xrnt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Cdaudio
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): Cdfs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 4
    Type: 2
    Error Control: 1
    Depends On group: "SCSI CDROM Class"

    Service (registry key): Cdrom
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote de CD-ROM
    Image path: System32\DRIVERS\cdrom.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1
    Depends On group: "SCSI miniport"

    Service (registry key): Changer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 0

    Service (registry key): CiSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Indexing Service
    Description: Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\cisvc.exe
    Image size: 5120
    Image MD5: 7901AF03767C140467671C7CEEB2C3FE
    Co
    0
  11. ibmm
     
    Bonjour,

    Je n'ai pas pu installer sp2 en mode normal, en sans echec, après 1h d'installation(!) j'ai un message m'indiquant que l'installation ne peut être terminée car "acces denied"!

    Je reéssaierai week end prochain en changeant les autorisation dans les HKey de regedit.
    dernier scan hijack :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:08:38, on 17/11/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\LAPTOP\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.commentcamarche.net/forum/affich 3448031 virus qui bloque l acces aux postes cles
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    0
  12. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonsoir,

    jamais 2 parefeus en même temps. Kerio suffit.

    Je ne vois pas d'activeX;

    Ta console java n'est pas à jour, ce qui constitue une faille de sécurité. (version 6, release 3)

    Ouvre ce lien :
    https://www.java.com/fr/download/manual.jsp

    Choisis la première ligne de téléchargement puis installe java.

    En fin d'installation, revient sur la page pour vérifier ton installation.

    Quand l'installation a réussi, ouvre le panneau de configuration, Ajout/suppression de programmes et supprime
    J2SE Runtime Environment Version 5.0 Update xx.

    Les tracding cookies, tu en as toujours.

    Un petit utilitaire pour restaurer des clés essentielles :

    http://telechargement.zebulon.fr/zeb-restore.html

    J'attends de tes nouvelles.
    0
  13. Ibmm
     
    Salut Le Lyonnais !

    Voici le verdict : Pour l'installation de SP2 un seul mot d'ordre accès refusé (après 1h d'installation) .

    La restauration des clés essentielles semble avoir bien fonctionné.

    L'install de Java ne fonctionne pas, lorsque je clique sur l'îcone (pourtant bien enregistré du site sur mon bureau), un sablier s'affiche puis au bout de 5s plus rien n'est à sgnaler comme s'il avait abandonné l'install.

    J'ai été sur les options internet pour les contrôles active X, pour les activer mais rien ne semble changer.

    Autre souci, je ne parviens pas à désinstaller spybot. le fichier uninstall semble ne pas être present.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:50:25, on 25/11/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\LAPTOP\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.commentcamarche.net/forum/affich 3448031 virus qui bloque l acces aux postes cles
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    0
  14. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    pour désinstaller Spybot :

    Spybot - Search & Destroy 1.5.1.15 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
    install date: 20071117
    install location: C:\Program Files\Spybot - Search & Destroy\
    uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    publisher: Safer Networking Limited

    Réussi ?
    0
  15. Ibmm
     
    Re, Le Lyonnais...

    Pardonnes moi mais que dois-je faire avec ces references ? où dois-je les chercher ?
    Dois-je simplement rechercher puis effacer les fichiers indiqués ?
    0
  16. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    désolé,

    tu ouvres l'explorateur Windows, tu cherches :

    C:\Program Files\Spybot - Search & Destroy\unins000.exe

    tu double-cliques dessus pour désinstaller spybot.
    0
  17. Ibmm
     
    Slt

    Lorsque je clique dessus, un panneau qui m'indique que le même fichier mais en .dat n'existe pas : desinstallation impossible.
    0
  18. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    solution :

    tu supprimes le dossier.

    derrière, tu fais passer ccleaner pour nettoyer le registre.

    J'ai l'impresssion que je ne peux plus grand chose pour toi.

    mais le fait de rester sous SP1 est une faille de sécurité permanente.

    L'absence de mise à jour de la console java aussi.

    Antivir est une bonne protection.

    AVG AS est une version payante ? Sinon la protection résidente va cesser.

    Il semble que Spysweeper serait une meilleure protection.

    Voir tuto ici :

    http://www.malekal.com/tutorial_SpySweeper.php
    0
  19. IBMM
     
    Merci Le Lyonnais,

    Tu en as déjà fait beaucoup et je t'en suis infiniment reconnaissant.

    Pour moi le PC est ok, je ne l'utilises quasiment pas, c'est juste qu'il contient d'anciens fichiers que je peux être amené à vouloir récupérer et que je voulais sauver.

    D'autre part La page est suffisamment chargée comme ça ;-)

    AVG semble être gratuit...

    PS: Si un jour les affaires ou autres t'amènent vers chez moi dans le Nord, ne manque pas de me contacter avant "keusty2005@AHOO.FR"

    En attendant bonne continuation à toi ...
    0
  20. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    je vais mettre le post en résolu.

    Evite d'utiliser l'ordi pour accéder au Net. Il est particulièrement vulnérable. La non mise à jour de l'OS, du navigateur, de la console java sont autant de failles de sécurité exploitées par les malwares et qui restent ouvertes.

    AVG AS a été téléchargé pendant la désinfection. C'est donc la version gratuite et la protectioin résidente va disparaitre au bout de quelques semaines (bientôt). Tu peux le remplacer par Superantispyware ou Spysweeper qui, je crois, conservent la garde résidente même en version gratuite. A défaut, Spybot l'assure. Mais un seul antispy en garde résidente.

    Bon surf.
    0
Précédent
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7